| Ãë¾àÁ¡ID |
22918 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
Servlet |
| »ó¼¼¼³¸í |
¿ø°Ý Oracle WebLogic ¼¹ö´Â XML ÀÎÄÚµù µÈ Java °´Ã¼ÀÇ ¾ÈÀüÇÏÁö ¾ÊÀº ºñ Á÷·ÄÈ·Î ÀÎÇØ WLS9-async ±¸¼º ¿ä¼ÒÀÇ ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÇ ¿µÇâÀ»¹Þ½À´Ï´Ù. ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý °ø°ÝÀÚ´Â Java °´Ã¼¸¦ ÅëÇØ WebLogic ¼¹ö ÄÁÅؽºÆ®¿¡¼ ÀÓÀÇÀÇ Java Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ½À´Ï´Ù.
* Âü°í »çÀÌÆ®:
https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
https://medium.com/@knownsec404team/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0
Any operating system Any version |
| ÇØ°áÃ¥ |
Oracle WebLogic Server À¥ »çÀÌÆ®ÀÎ https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù. |
| °ü·Ã URL |
CVE-2019-2725 (CVE) |
| °ü·Ã URL |
108074 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
